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Claims 

[d] What is claimed is: 

1. A network address translation (NAT)-enabled device 
comprising: 

a NAT facility for connecting at least two hosts inside a 
first network to a second network, wherein the NAT fa- 
cility allows the inside hosts to share an address of the 
second network; 

a gateway interface for connecting to a demilitarized 
zone (DMZ) host inside the first network; 
a disposer connected to the gateway interface for as- 
signing an address of the second network to the DMZ 
host; and 

a dispatcher connected to the gateway interface and the 
NAT facility for communicating messages between the 
second network and the gateway interface or the NAT fa- 
cility according to a communication criteria of the mes- 
sage. 

[c2] 2. The NAT-enabled device of claim 1 wherein the com- 
munication criteria is derived from a medium access 
control (MAC) address of the message. 

[c3] 3. The NAT-enabled device of claim 2 wherein the dis- 



poser assigns the second network address of the NAT- 
enabled device to the DMZ host if such address is public. 



[c4] 4. The NAT-enabled device of claim 3 wherein the dis- 
poser assigns a temporary second network address and 
associated validity lifetime to the DMZ host if the second 
address of the NAT-enabled device is not public. 

[c5] 5. The NAT-enabled device of claim 4 wherein the dis- 
poser assigns an address to the DMZ host in response to 
a request from the DMZ host. 

[c6] 6. The NAT-enabled device of claim 5 wherein the dis- 
poser allows the DMZ host to acquire a validity lifetime 
to transmit messages or obtain addresses of hosts in the 
second network upon a request by the DMZ host. 

[c7] 7. The NAT-enabled device of claim 2 wherein the dis- 
patcher stores the address of the DMZ host and com- 
pares destination address information of a message re- 
ceived from the second network with the address of the 
DMZ host, forwarding the message to the DMZ host 
when the MAC address corresponds to the DMZ host and 
forwarding the message to the NAT facility when the 
MAC address does not correspond to the DMZ host. 

[c8] 8. The NAT-enabled device of claim 7 wherein the dis- 
patcher identifies a message being sent to the second 



network from the DMZ host by checking the MAC ad- 
dress of such message. 

9. A network address translation (NAT)-enabled device 
comprising: 

a NAT facility for connecting at least two hosts inside a 
first network to a second network, wherein the NAT fa- 
cility allows the inside hosts to share an address of the 
second network; 

a gateway interface for connecting to a demilitarized 
zone (DMZ) host inside the first network; 
a disposer connected to the gateway interface for as- 
signing an address of the second network to the DMZ 
host in response to a request from the DMZ host, 
wherein the disposer assigns the second network ad- 
dress of the NAT-enabled device to the DMZ host if such 
address is public and the disposer assigns a temporary 
second network address and associated validity lifetime 
to the DMZ host if the second address of the NAT- 
enabled device is not public; and 
a dispatcher connected to the gateway interface and the 
NAT facility for communicating messages between the 
second network and the gateway interface or the NAT fa- 
cility according to a communication criteria of the mes- 
sage, the dispatcher storing the address of the DMZ host 
and comparing destination address information of a 



message received from the second network with the ad- 
dress of the DMZ host, and forwarding the message to 
the DMZ host when the communication criteria corre- 
sponds to the DMZ host and forwarding the message to 
the NAT facility when the communication criteria does 
not correspond to the DMZ host, the dispatcher identify- 
ing a message being sent to the second network from 
the DMZ host by checking the communication criteria of 
such message. 

[do] 10. The NAT-enabled device of claim 9 wherein the 

communication criteria is derived from a medium access 
control (MAC) address of the message. 

[en] 11. The NAT-enabled device of claim 10 wherein the 
disposer allows the DMZ host to acquire a validity life- 
time to transmit messages or obtain addresses of hosts 
in the second network upon a request by the DMZ host. 

[d2] 12. A method for communicating information between a 
first network and a second network, the method com- 
prising: 

assigning a second network address to a demilitarized 
zone (DMZ) host of the first network; 
receiving from the second network a message having a 
destination address equal to the second network ad- 
dress; 



forwarding the message to the DMZ host of the first net- 
work when a communication criteria of the message 
matches a first criteria; and 

forwarding the message to another host of the first net- 
work when the communication criteria of the message 
does not match criteria. 

[d3] 13. The method of claim 12 wherein the second network 
address assigned to the DMZ host is the second network 
address of the first network when such address is public, 
and the second network address assigned to the DMZ 
host is a temporary second network address when the 
second network address of the first network is not pub- 
lic. 

[d4] 14. The method of claim 13 wherein the communication 
criteria is derived from a medium access control (MAC) 
address of the message, the first criteria being the MAC 
address of the DMZ host. 

[d5] 15. The method of claim 14 wherein the temporary sec- 
ond network address has a validity lifetime considerably 
shorter than that of the second network address of the 
first network. 

[d6] 16. The method of claim 15 further comprising: 

reassigning a second network address to a demilitarized 



zone (DMZ) host of the first network upon expiry of the 
validity lifetime. 

[d7] 17. The method of claim 16 further comprising: 

detecting for an active connection between the first and 
second networks; 

activating a connection between the first and second 
networks when no connection between the first and sec- 
ond networks exists. 

[d8] 18. The method of claim 14 wherein assigning the sec- 
ond network address to the DMZ host is in response to a 
request from the DMZ host. 

[d9] 19. a network address translation (NAT)-enabled device, 
gateway device, or network router comprising a NAT fa- 
cility, a gateway interface, a disposer, and a dispatcher 
for performing the method of claim 12. 



